Bug 387415 (CVE-2011-3619) - Kernel: Linux Kernel 2.6.x : security/apparmor/lsm.c DoS (CVE-2011-3619)
Summary: Kernel: Linux Kernel 2.6.x : security/apparmor/lsm.c DoS (CVE-2011-3619)
Status: RESOLVED FIXED
Alias: CVE-2011-3619
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://secunia.com/advisories/46423/
Reported: 2011-10-17 14:45 UTC by Agostino Sarubbo
Modified: 2018-04-04 17:42 UTC
Description Agostino Sarubbo gentoo-dev 2011-10-17 14:45:29 UTC
From Secunia security advisory at $URL:

Description:

The vulnerability is caused due to an error within the "apparmor_setprocattr()" function (security/apparmor/lsm.c), which can be exploited to trigger a "BUG_ON()" if a process writes malformed data to its "/attr/current" proc file.

Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-08-30 01:46:29 UTC
CVE-2011-3619 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3619):
  The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux
  kernel before 3.0 does not properly handle invalid parameters, which allows
  local users to cause a denial of service (NULL pointer dereference and OOPS)
  or possibly have unspecified other impact by writing to a
  /proc/#####/attr/current file.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:42:19 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.